SMB Website Security

SMB website security is big business but a necessary one. There are currently nearly 27 million small businesses operating in the US. They generate over $11 Trillion in revenue according to an SBA.gov report. Out of all those businesses, Verizon Business reports that more than 60% of the data breaches were at companies with less than 100 employees and nearly half involved dedicated servers with malware injections.

Over 6,000 online businesses are blacklisted every day due to vulnerabilities; malware, hacks, spoofing, spam etc.

SMB website security needs to detect and clean any malware before a website is blacklisted. Otherwise, this will damage a company’s reputation and hurt sales.

Always ensure open source software is up to date and “hardened” as soon as possible. It is always a good idea to build a small business website with security in mind at all times. Never assume that any software you are using is up to date and “hardened” as it should be.

Likely vectors of attack often include code injections, weak or even unencrypted login pages or credentials and out-dated software or applications. It is always better to scan and detect vulnerabilities on a dedicated server before they occur so the SMB has more time to patch up any weaknesses.

A web hosting providers role in SMB website security

Depending on your web hosting provider, SMB website security not done correctly can result in the site being shut down. This will result in a damaged business reputation, placing customer data at risk, and even lowering search engines ranking substantially. For example, you might recall certain large businesses being down for a period of time or a security issue mentioned on the news involving a reputable company. These instances can always make headlines and are not something any company, big or small, wants to ever deal with. Again, better to harden a server before anything ominous could happen.

InformationWeek Analytics Strategic Security Survey of 2011 conducted a survey asking what is the largest security challenge facing SMB website security. The sheer complexity of managing security was an SMB’s biggest concern by far. Enforcing security policies and preventing data breaches from outside attacks were the second and third biggest concerns. On a positive note, acquiring professional resources and expertise seemed to be the easiest step in the process.

Alarmingly, in 2012, StopBadware.org discovered that many SMB’s can remain compromised, either by not being able to resolve the issue or not even being aware of the intrusion, up to 26% of the time. Many (good) server administrators were able to resolve the vulnerability or intrusion themselves by either online research or obtaining the services of a security company such as SiteLock. A short-term fix but an ill-advised one is for server owners to abandon their website and simply set up a new site with a different provider. This, however, does not solve the problem and in many cases are just delaying the inevitable again.

A good web hosting provider will in many cases help resolve a security issue. However with the many very cheap dedicated server providers flooding the market today this will either not be possible. It can also come at an added cost and in many cases exceed an SMB’s limited budget.

SMB website security is about preventing security issues from happening in the first place. Even the most effective protection, however, cannot stop attacks 100% of the time. If or when compromised, make sure there is a procedure to follow that is, practical, workable and easy to understand. Don’t develop a complicated incident response plan that is too difficult to execute.